Legal

Privacy Policy

Effective date: June 1, 2026 · Last updated: June 1, 2026

This Privacy Policy describes how Axel Ortega Cota, doing business as ImMagga ("we", "us", or "our") collects, uses, and protects your personal information when you use immagga.com or the ImMagga API (collectively, the "Service").

This policy complies with Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its regulations.

---

1. Data Controller

The data controller responsible for your personal data is:
Axel Ortega Cota, d/b/a ImMagga
Email: axelpatricioortegacota@gmail.com
Country: México

2. What We Collect

We collect only the minimum data necessary to operate the Service:

• Email address — when you request a free API key or purchase a plan. Used to deliver your key and send service-related communications.
• API usage data — render counts, timestamps, template names, and response times. Used to enforce plan limits and monitor service health.
• Payment information — handled entirely by Stripe. We never see or store your card number, CVV, or billing address.
• Server logs — IP addresses and HTTP request metadata, retained for up to 30 days for security and abuse prevention.

3. How We Use Your Data

• Deliver and operate the Service (send API keys, process API requests).
• Enforce plan usage limits and detect abuse.
• Send transactional emails (key delivery, billing receipts). No marketing without explicit consent.
• Improve performance and diagnose technical issues.

4. Third-Party Processors

We share data with the following processors only to the extent necessary to deliver the Service:

• Stripe (stripe.com) — payment processing. Stripe is the data controller for payment data. See stripe.com/privacy.
• Supabase (supabase.com) — database and file storage hosting. Data is stored in servers governed by Supabase's DPA.
• Cloudflare (cloudflare.com) — CDN, DDoS protection, and aggregate web analytics (no cookies, no individual tracking).
• Resend (resend.com) — transactional email delivery for API key notifications.

We do not sell your personal data to any third party.

5. Business Transfers

If we are involved in a merger, acquisition, asset sale, or transfer of the business, your personal data may be transferred to the acquiring party. We will provide notice before your data becomes subject to a different privacy policy and, where required by law, obtain your consent.

6. Disclosure to Law Enforcement

We may disclose your personal data if required to do so by law or in response to a valid request from a public authority (e.g. a court order or government agency), or when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation under Mexican or applicable international law.
• Protect and defend the rights or property of Axel Ortega Cota (d/b/a ImMagga).
• Prevent or investigate possible wrongdoing in connection with the Service.
• Protect the personal safety of users of the Service or the public.
• Protect against legal liability.

7. Data Retention

• Email addresses — retained while your account is active, and for up to 12 months after account deletion or inactivity.
• API usage logs — retained for 90 days, then aggregated and anonymized.
• Server logs — retained for 30 days.

8. Your Rights (ARCO)

Under the LFPDPPP you have the right to Access, Rectify, Cancel, and Object (ARCO) to the processing of your personal data. To exercise any of these rights, send an email to privacy@immagga.com with the subject line "ARCO Request". We will respond within 20 business days.

9. Children's Privacy

The Service is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us at axelpatricioortegacota@gmail.com.

If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems.

10. Cookies and Tracking

This website does not use cookies for tracking or advertising. Cloudflare Web Analytics collects anonymous, aggregate page-view data with no cookies and no individual identification. No personal data is collected at the analytics layer.

11. Security

We use industry-standard measures to protect your data: HTTPS/TLS for all communications, API keys stored as hashed values, and row-level security in our database. No system is perfectly secure — in the event of a breach we will notify affected users within 72 hours.

12. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

Questions about this policy? Email us at privacy@immagga.com.